
Thread: itunes in task manager, nowhere else. parite-something removed recently using s&d

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    11

    itunes in task manager, nowhere else. parite-something removed recently using s&d

    Hi there.

    I don't know much about computers, malware and problems like this. I have a problem, am desperate and followed your instructions (erunt, teatimer, hjt). Now I am hoping for help.

    When I start itunes it shows in the task manager (itunes, itunes helper, apple mobile device) but the program itself isn't visible. I tried deleting an sc.info file as described on apple.com, that helped yesterday, but today the problem is back and it doesn't help to delete sc info again, which is now only a text-file and not an (no idea what it was)-database-file.

    Yesterday s&d deleted a parite-something-file which it found somewhere in my system folders.

    Just once the same problem (in taskmanager, not working) happened with skype today. Skype worked at the second try.


    I hope that's enough information about a problem they probably know. Didn't find help on google, so here's my system data and my hjt log:

    Xp-Professional
    Service Pack3
    AMD Athlon 64, 3500 (plus)
    2,21 GHz, 1,00 GB Ram

    _____________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:57, on 10.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [WindowsRegKey update] cdiodytjqo.exe
    O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6789 bytes



    Thank you so much in advance! I will update all information and changes that happen after your help!


    Christian

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hello and Welcome to Safer Networking,

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Please continue to respond until I give you the "All Clear"


    If you follow these instructions, everything should go smoothly.

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible.
    Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    1 - SDFix

    • Download SDFix and save it to your Desktop.

      Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)


    2 - Boot into Safe Mode

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.


    3 - Run SDFix

    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


    4 - download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)


    5 - Status Check
    Please reply with

    1. the SDFix.Report.txt (C:\SDFix\report.txt)
    2. the logs from RSIT (log.txt, info.txt)
    3. description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    11


    Ok, here's what you asked for. I'm not experiencing any problems with my machine right now.

    Thanks again for your help so far!


    REPORT


    SDFix: Version 1.240
    Run by Kødde on 13.03.2009 at 20:15

    Microsoft Windows XP [Versjon 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-13 20:26:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programfiler\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:8a,4d,a2,ad,70,83,a8,10,ab,55,77,59,4a,77,7f,3a,38,42,da,11,46,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,6a,0e,1d,18,63,78,4e,18,ae,1e,a1,3f,9a,68,81,4b,4c,..
    "khjeh"=hex:c5,ca,38,3a,6d,ba,c5,9f,6d,cf,a1,a2,82,60,e0,2a,6d,21,36,9f,cd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:7e,c5,9b,63,0d,38,ef,30,7b,dd,f9,34,28,d4,aa,c6,1b,07,a0,e9,82,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:96,69,f5,b7,60,74,c1,22,0f,98,1a,c5,fe,1f,da,99,3d,b3,d7,9a,97,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programfiler\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:f8,6d,ff,1d,e8,7e,8f,da,ce,3f,5d,b6,9b,ca,0a,45,80,21,ad,c0,23,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,6a,0e,1d,18,63,78,4e,18,ae,1e,a1,3f,9a,68,81,4b,4c,..
    "khjeh"=hex:c5,ca,38,3a,6d,ba,c5,9f,6d,cf,a1,a2,82,60,e0,2a,6d,21,36,9f,cd,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:3f,69,6a,7a,9a,b9,38,f8,95,25,ff,23,4e,3c,b5,42,c3,cd,74,4f,10,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:84,5e,4b,34,be,de,17,f9,58,c2,c0,56,9e,3e,e4,76,20,c3,32,21,4f,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s0"=dword:2a26279a
    "s1"=dword:e727a182
    "s2"=dword:9393da3b
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:02,f0,9c,e4,87,ad,8f,25,ec,69,ea,05,bc,a4,30,27,47,63,35,5c,e7,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:02,f0,9c,e4,87,ad,8f,25,ec,69,ea,05,bc,a4,30,27,47,63,35,5c,e7,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\cdiodytjqo.exe"="C:\\WINDOWS\\system32\\cdiodytjqo.exe:*:Disabled:cdiodytjqo"
    "C:\\Programfiler\\WinMX\\WinMX.exe"="C:\\Programfiler\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
    "D:\\Spill\\LOTR\\game.dat"="D:\\Spill\\LOTR\\game.dat:*:Disabled:Kampen om Midgard(tm)"
    "C:\\Programfiler\\Kazaa\\kazaa.exe"="C:\\Programfiler\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
    "C:\\Programfiler\\BitComet\\BitComet.exe"="C:\\Programfiler\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\\Programfiler\\LimeWire\\LimeWire.exe"="C:\\Programfiler\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Programfiler\\Google\\Google Talk\\googletalk.exe"="C:\\Programfiler\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
    "C:\\Programfiler\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Programfiler\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
    "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "D:\\Spill\\Valve\\Steam\\Steam.exe"="D:\\Spill\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
    "D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\opposing force\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
    "D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life blue shift\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life blue shift\\hl.exe:*:Enabled:Half-Life Launcher"
    "D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life\\hl.exe"="D:\\Spill\\Valve\\Steam\\SteamApps\\kjetilss\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Programfiler\\uTorrent\\uTorrent.exe"="C:\\Programfiler\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"="C:\\Programfiler\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Programfiler\\Spotify\\spotify.exe"="C:\\Programfiler\\Spotify\\spotify.exe:*:Enabled:Spotify"
    "C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 31 Dec 2007 4,521 ...HR --- "C:\Documents and Settings\Kødde\Programdata\SecuROM\UserData\securom_v7_01.bak"

    Finished!


    INFO

    info.txt logfile of random's system information tool 1.05 2009-03-13 20:39:54

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A90000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ashampoo Burning Studio 6 FREE-->"C:\Programfiler\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x14
    Audacity 1.2.6-->"C:\Programfiler\Audacity\unins000.exe"
    AVG 7.5-->C:\Programfiler\Grisoft\AVG7\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Programfiler\CCleaner\uninst.exe"
    Diskeeper Professional Edition-->MsiExec.exe /X{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}
    ERUNT 1.1j-->C:\Programfiler\ERUNT\unins000.exe
    FileZilla Server (remove only)-->"C:\Programfiler\FileZilla Server\uninstall.exe"
    Free Mp3 Wma Converter V 1.8.0-->"C:\Programfiler\Free Audio Pack\unins000.exe"
    GIMP 2.6.4-->"C:\Programfiler\GIMP-2.0\setup\unins000.exe"
    HijackThis 2.0.2-->"C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hurtigreparasjon for Windows Media Player 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
    Hurtigreparasjon for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hurtigreparasjon for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    iDump (Backing up your iPod)-->C:\Programfiler\iDump\uninstall.exe
    IrfanView (remove only)-->C:\Programfiler\IrfanView\iv_uninstall.exe
    iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
    Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    Karen's Directory Printer-->C:\Programfiler\Karen's Power Tools\Directory Printer\uninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.7)-->C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
    Mp3tag v2.42-->C:\Programfiler\Mp3tag\Mp3tagUninstall.EXE
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Oppdatering for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Oppdatering for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Oppdatering for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    RT2500 Wireless LAN Card-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{AAA66A0D-E610-40B8-9D51-C1854285773A}\setup.exe" -l0x9 -removeonly
    Sikkerhetsoppdatering for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Sikkerhetsoppdatering for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Sony USB Driver-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    SopCast 3.0.3-->C:\Programfiler\SopCast\uninst.exe
    Spotify-->"C:\Programfiler\Spotify\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
    Terayon DOCSIS Modem-->RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
    TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
    VCW VicMan's Photo Editor 8.1-->"C:\Programfiler\VCW VicMan's Photo Editor\unins000.exe"
    VLC media player 0.9.8a-->C:\Programfiler\VideoLAN\VLC\uninstall.exe
    Windows Media Format 11 runtime-->"C:\Programfiler\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Programfiler\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Programfiler\WinRAR\uninstall.exe
    xp-AntiSpy 3.97-->C:\Programfiler\xp-AntiSpy\Uninstall.exe
    Your Uninstaller! 2008 Version 6.0-->"C:\Programfiler\Your Uninstaller 2008\unins000.exe"

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: Avira AntiVir PersonalEdition Classic
    AV: Avira AntiVir PersonalEdition Classic
    AV: Avira AntiVir PersonalEdition Classic
    AV: Avira AntiVir PersonalEdition Classic (outdated)
    AV: AVG 7.5.557
    AV: Avira AntiVir PersonalEdition Classic
    AV: Avira AntiVir PersonalEdition Classic

    System event log

    Computer Name: CHRISTIAN
    Event Code: 7035
    Message: Apple Mobile Device-tjenesten har sendt en start-kontroll.
    Record Number: 44204
    Source Name: Service Control Manager
    Time Written: 20090208155545.000000+060
    Event Type: Informasjon
    User: NT-MYNDIGHET\SYSTEM

    Computer Name: CHRISTIAN
    Event Code: 7036
    Message: Tjenesten Windows Installer gikk inn i tilstanden Kjører.

    Record Number: 44203
    Source Name: Service Control Manager
    Time Written: 20090208155508.000000+060
    Event Type: Informasjon
    User:

    Computer Name: CHRISTIAN
    Event Code: 7035
    Message: Windows Installer-tjenesten har sendt en start-kontroll.
    Record Number: 44202
    Source Name: Service Control Manager
    Time Written: 20090208155508.000000+060
    Event Type: Informasjon
    User: NT-MYNDIGHET\SYSTEM

    Computer Name: CHRISTIAN
    Event Code: 7036
    Message: Tjenesten Computer Browser gikk inn i tilstanden Kjører.

    Record Number: 44201
    Source Name: Service Control Manager
    Time Written: 20090208155401.000000+060
    Event Type: Informasjon
    User:

    Computer Name: CHRISTIAN
    Event Code: 7035
    Message: Computer Browser-tjenesten har sendt en start-kontroll.
    Record Number: 44200
    Source Name: Service Control Manager
    Time Written: 20090208155401.000000+060
    Event Type: Informasjon
    User: NT-MYNDIGHET\SYSTEM

    Application event log

    Computer Name: KJETIL
    Event Code: 105
    Message:
    Record Number: 18928
    Source Name: Creative Service for CDROM Access
    Time Written: 20080330212956.000000+120
    Event Type: Informasjon
    User:

    Computer Name: KJETIL
    Event Code: 1
    Message: Service started

    Record Number: 18927
    Source Name: Avg7UpdSvc
    Time Written: 20080330212956.000000+120
    Event Type: Informasjon
    User:

    Computer Name: KJETIL
    Event Code: 1800
    Message: Tjenesten Windows Security Center er startet.

    Record Number: 18926
    Source Name: SecurityCenter
    Time Written: 20080329204317.000000+060
    Event Type: Informasjon
    User:

    Computer Name: KJETIL
    Event Code: 2
    Message: The Diskeeper Control Center has been started.
    Diskeeper service started

    Record Number: 18925
    Source Name: Diskeeper
    Time Written: 20080329204313.000000+060
    Event Type: Informasjon
    User:

    Computer Name: KJETIL
    Event Code: 1
    Message: Service started

    Record Number: 18924
    Source Name: AVGEMS
    Time Written: 20080329204312.000000+060
    Event Type: Informasjon
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;E:\Programmer\Diskeeper\;C:\Programfiler\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0f00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Programfiler\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Programfiler\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------



    LOG

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Kødde at 2009-03-13 20:39:47
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 14 GB (47%) free of 30 GB
    Total RAM: 1023 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:39:52, on 13.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kødde\Skrivebord\DOwns\RSIT.exe
    C:\Programfiler\Trend Micro\HijackThis\Kødde.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6691 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "MS Manager32 Startup"=manager32.exe []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
    "AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-02-25 590848]
    "DiskeeperSystray"=E:\Programmer\Diskeeper\DkIcon.exe [2005-11-22 221184]
    "QuickTime Task"=C:\Programfiler\QuickTime\QTTask.exe [2009-01-05 413696]
    "iTunesHelper"=C:\Programfiler\iTunes\iTunesHelper.exe [2009-01-06 290088]
    "SunJavaUpdateSched"=C:\Programfiler\Java\jre6\bin\jusched.exe [2009-03-11 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MS Manager32 Startup"=manager32.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Programfiler\iTunes\iTunesHelper.exe [2009-01-06 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Programfiler\QuickTime\QTTask.exe [2009-01-05 413696]

    C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
    Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoRecentDocsNetHood"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\cdiodytjqo.exe"="C:\WINDOWS\system32\cdiodytjqo.exe:*:Disabled:cdiodytjqo"
    "C:\Programfiler\WinMX\WinMX.exe"="C:\Programfiler\WinMX\WinMX.exe:*:Enabled:WinMX Application"
    "D:\Spill\LOTR\game.dat"="D:\Spill\LOTR\game.dat:*:Disabled:Kampen om Midgard(tm)"
    "C:\Programfiler\Kazaa\kazaa.exe"="C:\Programfiler\Kazaa\kazaa.exe:*:Disabled:Kazaa"
    "C:\Programfiler\BitComet\BitComet.exe"="C:\Programfiler\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "C:\Programfiler\LimeWire\LimeWire.exe"="C:\Programfiler\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\Programfiler\Google\Google Talk\googletalk.exe"="C:\Programfiler\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Programfiler\MSI\i-Speeder\i-Speeder.exe"="C:\Programfiler\MSI\i-Speeder\i-Speeder.exe:*:Enabled:i-Speeder"
    "C:\Programfiler\Grisoft\AVG7\avginet.exe"="C:\Programfiler\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Programfiler\Grisoft\AVG7\avgamsvr.exe"="C:\Programfiler\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Programfiler\Grisoft\AVG7\avgcc.exe"="C:\Programfiler\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Programfiler\Grisoft\AVG7\avgemc.exe"="C:\Programfiler\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
    "D:\Spill\Valve\Steam\Steam.exe"="D:\Spill\Valve\Steam\Steam.exe:*:Enabled:Steam"
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
    "D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe"="D:\Spill\Valve\Steam\SteamApps\kjetilss\half-life\hl.exe:*:Enabled:Half-Life Launcher"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programfiler\uTorrent\uTorrent.exe"="C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Programfiler\Bonjour\mDNSResponder.exe"="C:\Programfiler\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
    "C:\Programfiler\iTunes\iTunes.exe"="C:\Programfiler\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2009-03-13 20:39:47 ----D---- C:\rsit
    2009-03-13 20:14:28 ----D---- C:\WINDOWS\ERUNT
    2009-03-13 20:09:06 ----D---- C:\WINDOWS\pss
    2009-03-11 23:08:52 ----D---- C:\SDFix
    2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-11 11:21:51 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-10 19:26:32 ----D---- C:\Programfiler\SopCast
    2009-03-10 14:04:34 ----D---- C:\WINDOWS\ERDNT
    2009-03-10 13:58:14 ----D---- C:\Programfiler\ERUNT
    2009-03-10 13:34:57 ----D---- C:\Programfiler\Trend Micro
    2009-03-10 13:07:59 ----D---- C:\Programfiler\iPod
    2009-03-10 13:07:57 ----D---- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-03-10 13:07:30 ----D---- C:\Programfiler\QuickTime
    2009-03-10 13:07:21 ----D---- C:\Programfiler\Apple Software Update
    2009-03-10 13:07:11 ----D---- C:\Programfiler\Fellesfiler\Apple
    2009-03-09 20:34:04 ----D---- C:\Programfiler\Spybot - Search & Destroy
    2009-03-09 20:34:04 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
    2009-03-09 19:37:46 ----D---- C:\Documents and Settings\Kødde\Programdata\Spotify
    2009-03-09 19:37:44 ----D---- C:\Programfiler\Spotify
    2009-03-05 16:28:32 ----D---- C:\lame-398-2
    2009-03-05 01:39:39 ----D---- C:\Programfiler\FileZilla Server
    2009-03-01 19:07:09 ----A---- C:\WINDOWS\phedit.ini
    2009-03-01 18:57:01 ----D---- C:\Programfiler\VCW VicMan's Photo Editor
    2009-03-01 18:57:01 ----A---- C:\WINDOWS\system32\msvcrt10.dll
    2009-03-01 18:57:01 ----A---- C:\WINDOWS\fmachine.ini
    2009-03-01 10:24:54 ----D---- C:\Programfiler\Karen's Power Tools
    2009-03-01 10:24:45 ----D---- C:\Documents and Settings\All Users\Programdata\Karen's Power Tools
    2009-02-28 18:41:21 ----D---- C:\Documents and Settings\Kødde\Programdata\skypePM
    2009-02-28 18:39:16 ----D---- C:\Documents and Settings\Kødde\Programdata\Skype
    2009-02-28 18:35:31 ----D---- C:\Programfiler\Fellesfiler\Skype
    2009-02-28 18:35:29 ----RD---- C:\Programfiler\Skype
    2009-02-28 18:35:24 ----D---- C:\Documents and Settings\All Users\Programdata\Skype
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudPlayer.dll
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioVisu.dll
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioRecord.dll
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudioInfos.dll
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudFile.dll
    2009-02-28 13:27:52 ----A---- C:\WINDOWS\system32\AudDisplay.dll
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\VB6FR.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\inetfr.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
    2009-02-28 13:27:51 ----A---- C:\WINDOWS\system32\AudDesign.dll
    2009-02-28 13:27:50 ----D---- C:\Programfiler\Free Audio Pack
    2009-02-28 13:27:50 ----A---- C:\WINDOWS\system32\lame_enc.dll
    2009-02-28 00:37:04 ----D---- C:\Documents and Settings\Kødde\Programdata\Processing
    2009-02-26 02:04:26 ----D---- C:\Programfiler\Audacity
    2009-02-24 23:53:26 ----D---- C:\iTunes Rettung
    2009-02-24 23:33:01 ----D---- C:\Programfiler\iTunes
    2009-02-22 16:15:59 ----D---- C:\Documents and Settings\Kødde\Programdata\gtk-2.0
    2009-02-21 20:07:46 ----D---- C:\Documents and Settings\Kødde\Programdata\Ashampoo
    2009-02-21 20:07:33 ----D---- C:\Documents and Settings\All Users\Programdata\ashampoo
    2009-02-21 20:07:30 ----D---- C:\Programfiler\Ashampoo
    2009-02-21 18:27:48 ----D---- C:\Programfiler\IrfanView
    2009-02-21 17:51:33 ----D---- C:\Programfiler\GIMP-2.0
    2009-02-21 14:52:50 ----D---- C:\Programfiler\TVAnts
    2009-02-19 13:34:48 ----A---- C:\WINDOWS\system32\hidserv.dll
    2009-02-09 21:53:56 ----D---- C:\Documents and Settings\All Users\Programdata\Adobe
    2009-02-09 21:53:49 ----D---- C:\Programfiler\Fellesfiler\Adobe
    2009-02-09 21:53:49 ----D---- C:\Programfiler\Adobe
    2009-02-08 21:53:51 ----D---- C:\Programfiler\iDump
    2009-02-08 17:51:16 ----D---- C:\Documents and Settings\Kødde\Programdata\dvdcss
    2009-02-08 16:25:42 ----D---- C:\Documents and Settings\Kødde\Programdata\WinRAR
    2009-02-08 16:25:17 ----D---- C:\Programfiler\WinRAR
    2009-02-08 15:56:41 ----D---- C:\Documents and Settings\Kødde\Programdata\Apple Computer
    2009-02-08 15:56:14 ----D---- C:\Programfiler\Bonjour
    2009-02-07 11:16:47 ----D---- C:\Documents and Settings\Kødde\Programdata\Mp3tag
    2009-02-07 11:16:42 ----D---- C:\Programfiler\Mp3tag
    2009-02-07 01:11:41 ----D---- C:\Programfiler\uTorrent
    2009-02-07 01:11:36 ----D---- C:\Documents and Settings\Kødde\Programdata\uTorrent
    2009-02-06 12:39:37 ----D---- C:\WINDOWS\flurry-win32-1.1.1.11
    2009-02-06 11:50:13 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-02-06 11:50:04 ----D---- C:\Programfiler\Java
    2009-02-06 11:28:07 ----D---- C:\Documents and Settings\Kødde\Programdata\vlc
    2009-02-06 11:26:55 ----D---- C:\Programfiler\VideoLAN
    2009-02-06 11:17:57 ----D---- C:\Programfiler\xp-AntiSpy
    2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\WRLSetup.exe
    2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\installrt2500qa.dll
    2009-02-06 10:55:10 ----A---- C:\WINDOWS\system32\AegisI5.exe
    2009-02-06 10:54:56 ----D---- C:\Programfiler\RALINK
    2009-02-06 10:27:48 ----D---- C:\Documents and Settings\Kødde\Programdata\MSN6
    2009-02-06 10:27:48 ----D---- C:\Documents and Settings\All Users\Programdata\MSN6
    2009-02-06 00:11:38 ----A---- C:\WINDOWS\ModemLog_Standard modem med 56000 bps.txt
    2009-01-21 21:09:55 ----D---- C:\Documents and Settings\Kødde\Programdata\Media Player Classic
    2009-01-14 21:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2008-12-17 22:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

    ======List of files/folders modified in the last 3 months======

    2009-03-13 20:39:44 ----D---- C:\WINDOWS\Prefetch
    2009-03-13 20:37:57 ----D---- C:\WINDOWS
    2009-03-13 20:37:44 ----D---- C:\Programfiler\Mozilla Firefox
    2009-03-13 20:34:06 ----AD---- C:\WINDOWS\Temp
    2009-03-13 20:32:29 ----RASH---- C:\boot.ini
    2009-03-13 20:32:29 ----A---- C:\WINDOWS\win.ini
    2009-03-13 20:32:29 ----A---- C:\WINDOWS\system.ini
    2009-03-13 20:15:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-13 20:10:09 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-03-11 22:51:04 ----D---- C:\WINDOWS\system32\drivers
    2009-03-11 22:51:03 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-11 11:22:52 ----SHD---- C:\WINDOWS\Installer
    2009-03-11 11:21:53 ----SHD---- C:\Config.Msi
    2009-03-11 11:21:51 ----D---- C:\WINDOWS\system32
    2009-03-10 19:26:32 ----AD---- C:\Programfiler
    2009-03-10 18:02:41 ----D---- C:\Documents and Settings\Kødde\Programdata\AVG7
    2009-03-10 13:07:19 ----HD---- C:\WINDOWS\inf
    2009-03-10 13:07:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-03-10 13:07:11 ----D---- C:\Programfiler\Fellesfiler
    2009-03-10 12:54:11 ----AD---- C:\Documents and Settings\All Users\Programdata\TEMP
    2009-02-24 23:41:35 ----D---- C:\WINDOWS\system32\NtmsData
    2009-02-08 23:39:01 ----D---- C:\WINDOWS\Debug
    2009-02-06 12:38:30 ----D---- C:\WINDOWS\system
    2009-02-06 10:54:56 ----HD---- C:\Programfiler\InstallShield Installation Information
    2009-01-31 14:25:32 ----D---- C:\WINDOWS\Help
    2009-01-28 22:00:25 ----D---- C:\Documents and Settings\Kødde\Programdata\Real
    2009-01-27 22:38:55 ----D---- C:\Documents and Settings\All Users\Programdata\Creative
    2009-01-27 22:23:17 ----D---- C:\Documents and Settings\All Users\Programdata\avg7
    2009-01-22 18:17:50 ----SD---- C:\WINDOWS\Tasks
    2009-01-22 18:16:21 ----D---- C:\WINDOWS\system32\Adobe
    2009-01-22 18:16:01 ----D---- C:\Documents and Settings\Kødde\Programdata\Macromedia
    2009-01-22 18:16:00 ----D---- C:\WINDOWS\system32\Macromed
    2009-01-22 18:16:00 ----D---- C:\Documents and Settings\Kødde\Programdata\Adobe
    2009-01-21 20:55:56 ----A---- C:\WINDOWS\clue.ini
    2009-01-21 20:38:28 ----D---- C:\Documents and Settings
    2009-01-21 20:28:32 ----D---- C:\WINDOWS\WinSxS
    2009-01-21 20:17:08 ----RSD---- C:\WINDOWS\Fonts
    2009-01-14 21:17:47 ----HD---- C:\WINDOWS\$hf_mig$
    2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-04 22:21:22 ----D---- C:\Programfiler\CCleaner

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
    R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
    R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-09-26 4224]
    R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-09-26 27776]
    R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 WS2IFSL;Windows Socket 2.0-støttemiljø for ikke-IFS-tjenesteleverandør; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-09 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-06 17119]
    R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-09-26 4960]
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;HID-driver for mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-06 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-09 5888]
    R3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-12-15 218368]
    R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 aktivert hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Miniportdriver for Microsoft USB åpen vertskontroller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
    S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 catchme;catchme; \??\C:\DOCUME~1\KDDE~1\LOKALE~1\Temp\catchme.sys []
    S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-02-03 223128]
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
    S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
    S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-09-30 16880]
    S3 NIC1394;1394-nettverksdriver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
    S3 QV2KUX;Casio digitalt kamera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
    S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
    S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
    S3 SONYPVU1;Sony USB-filterdriver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 st3mp28;st3mp28; C:\WINDOWS\System32\DRIVERS\st3mp28.sys []
    S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2007-06-15 19840]
    S3 USBSTOR;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-13 96512]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-23 418816]
    R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-09-26 49664]
    R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
    R2 Bonjour Service;Bonjour-tjeneste; C:\Programfiler\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 Diskeeper;Diskeeper; E:\Programmer\Diskeeper\DkService.exe [2005-11-23 765952]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2009-03-11 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
    R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2005-09-02 126976]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;iPod-tjeneste; C:\Programfiler\iPod\bin\iPodService.exe [2009-01-06 536872]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 FileZilla Server;FileZilla Server FTP server; C:\Programfiler\FileZilla Server\FileZilla Server.exe [2009-03-03 691200]
    S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NipSvc;Norman API-hooking helper; E:\Norman\Nvc\BIN\nipsvc.exe []
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]

    -----------------EOF-----------------



    HJT


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:37:23, on 13.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6625 bytes

  4. #4
    Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default edit

    Hi.

    I just realized that itunes might have worked (nearly) properly all the way. It just takes about 7 minutes for it to start up. I didn't deliberately change anything (location, amount, whatever...) about what it has to collect so I don't see why it takes like 6 1/2 minutes longer now than a few days ago.

    Everything else works fine I believe.

  5. #5
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi berliner

    1 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    On the Scanner tab:
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    3 - Status Check
    Please reply with

    1. the Malwarebytes' Anti-Malware Log
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  6. #6
    Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default latest scans

    Are you actually Norwegian?

    Again - here's what you asked for:
    ____


    Malwarebytes' Anti-Malware 1.34
    Databaseversjon: 1851
    Windows 5.1.2600 Service Pack 3

    15.03.2009 11:07:37
    mbam-log-2009-03-15 (11-07-31).txt

    Skanntype: Full Skann (C:\|D:\|E:\|)
    Objekter skannet: 141128
    Tid tilbakelagt: 26 minute(s), 43 second(s)

    Minneprosesser infisert: 0
    Minnemoduler infisert: 0
    Registernøkler infisert: 0
    Registerverdier infisert: 0
    Registerfiler infisert: 2
    Mapper infisert: 0
    Filer infisert: 0

    Minneprosesser infisert:
    (Ingen mistenkelige filer funnet)

    Minnemoduler infisert:
    (Ingen mistenkelige filer funnet)

    Registernøkler infisert:
    (Ingen mistenkelige filer funnet)

    Registerverdier infisert:
    (Ingen mistenkelige filer funnet)

    Registerfiler infisert:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

    Mapper infisert:
    (Ingen mistenkelige filer funnet)

    Filer infisert:
    (Ingen mistenkelige filer funnet)


    ____


    Malwarebytes' Anti-Malware 1.34
    Databaseversjon: 1851
    Windows 5.1.2600 Service Pack 3

    15.03.2009 11:07:48
    mbam-log-2009-03-15 (11-07-48).txt

    Skanntype: Full Skann (C:\|D:\|E:\|)
    Objekter skannet: 141128
    Tid tilbakelagt: 26 minute(s), 43 second(s)

    Minneprosesser infisert: 0
    Minnemoduler infisert: 0
    Registernøkler infisert: 0
    Registerverdier infisert: 0
    Registerfiler infisert: 2
    Mapper infisert: 0
    Filer infisert: 0

    Minneprosesser infisert:
    (Ingen mistenkelige filer funnet)

    Minnemoduler infisert:
    (Ingen mistenkelige filer funnet)

    Registernøkler infisert:
    (Ingen mistenkelige filer funnet)

    Registerverdier infisert:
    (Ingen mistenkelige filer funnet)

    Registerfiler infisert:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Mapper infisert:
    (Ingen mistenkelige filer funnet)

    Filer infisert:
    (Ingen mistenkelige filer funnet)


    ____



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:04, on 15.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6526 bytes

  7. #7
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi berliner

    Actually I am Finnish... but I have lived in Norway for a long time

    1 - Remove bad HijackThis entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      • O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
        O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
        O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    2 - Download and Run OTMoveIt3

    Download OTMoveIt3 by Old Timer and save it to your Desktop.
    • Double-click OTMoveIt3.exe.
    • Copy the lines in the codebox below.

    Code:
    :files
    C:\windows\system32\manager32.exe
    • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    4 - Status Check
    Please reply with

    2. the OTMoveIt3 log
    3. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
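Added example (not part of the original posts, and not code from HijackThis or any tool named in the thread): one way to triage the O4 autorun lines of a HijackThis log in Python, run over lines copied from the logs above. It flags values whose command is a bare file name registered under two or more keys, then diffs a before and after log to confirm the values are gone; the function names and the two-key threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the 15.03.2009 12:58 log above.
BEFORE = r"""
O4 - HKLM\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [MS Manager32 Startup] manager32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MS Manager32 Startup] manager32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
"""

# Constructed sample mirroring the later 23:07 log, where the three
# "MS Manager32 Startup" lines no longer appear.
AFTER = "\n".join(line for line in BEFORE.splitlines() if "manager32.exe" not in line)

# "O4 - <key>: [<value name>] <command>"; startup-folder shortcuts do not match.
O4_RE = re.compile(r"^O4 - (?P<key>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis appends "(User '...')" to entries read from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")


def parse_o4(log_text):
    """Return (key, value_name, command) for every registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        entries.append((m.group("key"), m.group("name"), cmd))
    return entries


def executable(cmd):
    """First token of the command line, honouring a leading quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def triage(log_text, min_keys=2):
    """Flag bare-file-name autoruns that are registered under several keys.

    A bare name is resolved through the search path, so the log alone does
    not say which file will run. Repetition across keys separates this case
    from a single entry such as RUNDLL32.EXE. Heuristic only, not a verdict.
    """
    keys_by_cmd = defaultdict(set)
    for key, name, cmd in parse_o4(log_text):
        exe = executable(cmd)
        if "\\" not in exe and "/" not in exe:
            keys_by_cmd[(name, exe.lower())].add(key)
    return {k: sorted(v) for k, v in keys_by_cmd.items() if len(v) >= min_keys}


def removed_entries(before, after):
    """Autorun entries present in the first log and absent from the second."""
    return sorted(set(parse_o4(before)) - set(parse_o4(after)))


if __name__ == "__main__":
    for (name, exe), keys in triage(BEFORE).items():
        print(f"review: [{name}] {exe} under {', '.join(keys)}")
    for key, name, cmd in removed_entries(BEFORE, AFTER):
        print(f"gone after fix: {key} [{name}] {cmd}")
    print("still flagged:", triage(AFTER) or "nothing")
```

A clean diff only shows that the registry values are gone; locating the file they pointed to is a separate step.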

  8. #8
    Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default One Two Three

    I am German and in Oslo.


    MoveIt:

    Error: Unable to interpret <C:\windows\system32\manager32.exe> in the current context!

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_230529


    HJT:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:24, on 15.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6395 bytes

    Thanks for now.

  9. #9
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi and good morning berliner

    FileLook

    Please download FileLook by jpshortstuff from one of the following mirrors:
    Link 1
    Link 2
    • Double-click FileLook.exe to run it. (Vista users will almost certainly have to right click and select Run As Administrator)
    • Ensure that the BBCode Output checkbox is checked.
    • Copy the content of the following codebox into the main textfield:

      Code:
      manager32.exe
    • Click the FileLook button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found at C:\fl_log.txt

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  10. #10
    Junior Member
    Join Date
    Mar 2009
    Posts
    11

    Default

    FileLook.exe v2.0 by jpshortstuff
    Log created at 16:09 on 16/03/2009
    ==================================
    FileLook - "anager32.exe"

    Unable to find file.

    ==============================

    =EOF=



    [HJT]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10:43, on 16.03.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Programfiler\iTunes\iTunesHelper.exe
    C:\Programfiler\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Programfiler\Bonjour\mDNSResponder.exe
    E:\Programmer\Diskeeper\DkService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Programfiler\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Mozilla Firefox\firefox.exe
    C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Programmer\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - http://liveupdate.msi.com.tw/autobio...ne/install.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - E:\Programmer\Diskeeper\DkService.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programfiler\FileZilla Server\FileZilla Server.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6395 bytes
